Streaming service Rainway exposes the scale of the Fortnite virus problem

Battle royale shooter Fortnite is a phenomenon now, but with many millions of players comes big problems, especially when the audience skews a little younger than average and the game is free to play. Last Tuesday, engineers at game-streaming service Rainway noticed tens of thousands of automatically logged errors flooding in, all of them coming from Fortnite players.It was time for their tech team to do a little internet sleuthing, which they kindly documented here in this developer blog post.

The first thing Rainway’s techies did was confirm that the errors weren’t coming from or related to their own software. With that out of the way, they now had a log of many thousands of users, all trying to access ad servers online, but reporting Javascript-related errors, indicating some kind of ad-based malware. Fortnite is one of the most played games using the service (letting people stream from their home computer to remote devices), so it wasn’t too surprising a vector, but that led to the problem of identifying which piece of malware it was.

YouTube is flooded with videos promising downloads of undetectable cheats and free cash-shop credit for Fortnite, many of them being viruses. Identifying which particular one was setting off all the alarm bells at Rainway was like picking out a particularly thorny needle in a haystack made out of needles. In the end, they just went through and picked through the pile mechanically, by downloading hundreds of potential malware packages and running them through a custom-made search tool to see if any of the reported ad server URLs popped up.

Eventually they struck gold with one package, which was promising both free V-Bucks (the in-game currency) and an undetectable aimbot. In reality, once installed it went and re-routed all web traffic through itself, adding a generous helping of extra ads to every website. Rainway have made some effort to shut down this particular piece of malware, getting the download pulled from its original host and informing the ad company involved – Adtelligent – that someone on their network was serving ads this way, but at the time of writing, Adtelligent have yet to respond.

Rainway also went and informed all of their affected users that they’d been caught by this malware, but with masses of users affected on one streaming service alone, it seems like that tens of thousands of users have been affected, with the malware installer clocking in at 78,000 downloads total. So, let this be a lesson to you all that cheaters seldom prosper, and to keep away from strange download links you see on YouTube. If any of your kids play Fortnite, please warn them, because nobody wants to waste a weekend reformatting their kid’s PC.

And just remember; this virus was in one package out of hundreds that they had to test. I can’t even begin to guess how many are infected worldwide in search of Fortnite fame and fortune. And even if you do manage to luck out and find some real cheats? There’s a good chance that won’t end too well for you either.